Domain 5 is covered in this Chapter:

The cryptography area addresses the principles, means and methods used to disguise information to ensure its integrity, confidentiality, authenticity and non-repudiation.

Introduction

Cryptography is used as a security tool everywhere these days, from hashed passwords to encrypted mail, to Internet Protocol Security (IPSec) virtual private networks (VPNs), and encrypted filesystems. This chapter covers most of the cryptography you will use as network security administrators.

This chapter looks closely at a few of the most common algorithms, including Advanced Encryption Standard (AES), the recently announced new cryptography standard for the U.S. government. It covers how key exchanges and public key cryptography come into play and how to use them. You will learn that almost all cryptography is at least theoretically vulnerable to brute force attacks.

Once all of the background is covered, the chapter next looks at how cryptography can be broken, from cracking passwords to man-in-the-middle-type attacks. It looks at how poor implementation of strong cryptography can reduce the security level to zero. Finally, it examines how attempts to hide information using outdated cryptography can easily be broken.

What does the word crypto mean? Its origins are in the Greek word kruptos, which means "hidden." Thus, the objective of cryptography is to hide information so that only the intended recipient(s) can convert it. In crypto terms, the hiding of information is called encryption, and converting the information is called decryption.

• Cryptography is the science of preventing information from being...